genkey1024.test hanging on low-entropy systems
Werner Koch
wk at gnupg.org
Thu Oct 30 09:56:30 CET 2014
On Thu, 30 Oct 2014 00:05, dkg at fifthhorseman.net said:
> should the tests use --debug-quick-random to avoid a hang? Is there any
That does not work because gpg-agent creates the key. It is a bit
complicated to start gpg-agent in lower random quality mode. I added a
command line only option --debug-quick-random to gpg-agent and some
hacks to allow passing it to the start-the-agent-on-the-fly code.
Pushed.
Thanks for the reminder about this. I usually resort to the rngd hack ;-).
Salam-Shalom,
Werner
==
commit 9546aa3cc87fc83a40768a12fbbceb19496ce129 (HEAD, refs/heads/wk-master)
Author: Werner Koch <wk at gnupg.org>
Date: Thu Oct 30 09:55:51 2014 +0100
tests: Speed up the genkey1024.test by using not so strong random.
* agent/gpg-agent.c (oDebugQuickRandom): New.
(opts): New option --debug-quick-random.
(main): Use new option.
* common/asshelp.c (start_new_gpg_agent): Add hack to pass an
additional argument for the agent name.
* tests/openpgp/defs.inc: Pass --debug-quick-random to the gpg-agent
starting parameters.
* tests/openpgp/version.test: Ditto.
Signed-off-by: Werner Koch <wk at gnupg.org>
Modified agent/gpg-agent.c
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index af91506..3f03ff4 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -81,6 +81,7 @@ enum cmd_and_opt_values
oDebugAll,
oDebugLevel,
oDebugWait,
+ oDebugQuickRandom,
oNoGreeting,
oNoOptions,
oHomedir,
@@ -149,6 +150,7 @@ static ARGPARSE_OPTS opts[] = {
{ oDebugAll, "debug-all" ,0, "@"},
{ oDebugLevel, "debug-level" ,2, "@"},
{ oDebugWait,"debug-wait",1, "@"},
+ ARGPARSE_s_n (oDebugQuickRandom, "debug-quick-random", "@"),
{ oNoDetach, "no-detach" ,0, N_("do not detach from the console")},
{ oNoGrab, "no-grab" ,0, N_("do not grab keyboard and mouse")},
{ oLogFile, "log-file" ,2, N_("use a log file for the server")},
@@ -730,6 +732,11 @@ main (int argc, char **argv )
default_config = 0; /* --no-options */
else if (pargs.r_opt == oHomedir)
opt.homedir = pargs.r.ret_str;
+ else if (pargs.r_opt == oDebugQuickRandom)
+ {
+ gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+ }
+
}
/* Initialize the secure memory. */
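Review bot: The new `oDebugQuickRandom` branch in the first-stage parser switches Libgcrypt to quick random without leaving any trace in the agent's output, so an agent started this way is indistinguishable from a normal one while the keys it generates are below production quality. A diagnostic next to the call would make the downgrade visible in logs, e.g. `log_info ("WARNING: --debug-quick-random is active; do not create production keys\n");`. If logging is not usable this early, set a flag here and print the message after log setup. The result of `gcry_control` is discarded, so a failed switch would presumably go unnoticed. main's body starts and ends outside the hunk.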
@@ -847,6 +854,10 @@ main (int argc, char **argv )
# endif
break;
+ case oDebugQuickRandom:
+ /* Only used by the first stage command line parser. */
+ break;
+
case oWriteEnvFile: /* dummy */ break;
default : pargs.err = configfp? 1:2; break;
Modified common/asshelp.c
diff --git a/common/asshelp.c b/common/asshelp.c
index e97d396..3fc28a1 100644
--- a/common/asshelp.c
+++ b/common/asshelp.c
@@ -363,7 +363,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
assuan_context_t ctx;
int did_success_msg = 0;
char *sockname;
- const char *argv[5];
+ const char *argv[6];
*r_ctx = NULL;
@@ -380,10 +380,31 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
{
char *abs_homedir;
lock_spawn_t lock;
+ char *program = NULL;
+ const char *program_arg = NULL;
+ char *p;
+ const char *s;
+ int i;
/* With no success start a new server. */
if (!agent_program || !*agent_program)
agent_program = gnupg_module_name (GNUPG_MODULE_NAME_AGENT);
+ else if ((s=strchr (agent_program, '|')) && s[1] == '-' && s[2]=='-')
+ {
+ /* Hack to insert an additional option on the command line. */
+ program = xtrystrdup (agent_program);
+ if (!program)
+ {
+ gpg_error_t tmperr = gpg_err_make (errsource,
+ gpg_err_code_from_syserror ());
+ xfree (sockname);
+ assuan_release (ctx);
+ return tmperr;
+ }
+ p = strchr (program, '|');
+ *p++ = 0;
+ program_arg = p;
+ }
if (verbose)
log_info (_("no running gpg-agent - starting '%s'\n"),
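Review bot: The `|` branch accepts any suffix that begins with `--`, so one `agent-program` line in a configuration file can add an arbitrary option, including the RNG downgrade, to every agent started on the fly, even though the texi hunk describes `--debug-quick-random` as effective only on the command line. Because the hack exists for a single option, an exact match would narrow it: `else if ((s=strchr (agent_program, '|')) && !strcmp (s+1, "--debug-quick-random"))`. The comment on the branch should also state that `program` is an allocated copy of the path up to the `|`, that `program_arg` points into it, and that it must be freed on every return. The function continues outside the hunk, so whether every return path frees `program` cannot be confirmed from here.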
@@ -404,6 +425,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
log_error ("error building filename: %s\n",gpg_strerror (tmperr));
xfree (sockname);
assuan_release (ctx);
+ xfree (program);
return tmperr;
}
@@ -416,30 +438,32 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
xfree (sockname);
assuan_release (ctx);
xfree (abs_homedir);
+ xfree (program);
return tmperr;
}
/* If the agent has been configured for use with a standard
socket, an environment variable is not required and thus
we we can savely start the agent here. */
-
- argv[0] = "--homedir";
- argv[1] = abs_homedir;
- argv[2] = "--use-standard-socket";
- argv[3] = "--daemon";
- argv[4] = NULL;
+ i = 0;
+ argv[i++] = "--homedir";
+ argv[i++] = abs_homedir;
+ argv[i++] = "--use-standard-socket";
+ if (program_arg)
+ argv[i++] = program_arg;
+ argv[i++] = "--daemon";
+ argv[i++] = NULL;
if (!(err = lock_spawning (&lock, homedir, "agent", verbose))
&& assuan_socket_connect (ctx, sockname, 0, 0))
{
- err = gnupg_spawn_process_detached (agent_program, argv,NULL);
+ err = gnupg_spawn_process_detached (program? program : agent_program,
+ argv, NULL);
if (err)
log_error ("failed to start agent '%s': %s\n",
agent_program, gpg_strerror (err));
else
{
- int i;
-
for (i=0; i < SECS_TO_WAIT_FOR_AGENT; i++)
{
if (verbose)
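Review bot: `argv` is now filled through `i++`, and its size of 6 (set in the earlier hunk of this file) is exactly the number of slots written when `program_arg` is set, so the next option added here would write past the array with nothing to catch it. A check after the terminator would pin the bound, e.g. `assert (i <= sizeof argv / sizeof *argv);` or the project's equivalent. The `log_error` for a failed spawn still prints `agent_program`, which in the hack case carries the `|--…` suffix rather than the path that was executed; passing `program? program : agent_program` there would match the spawn call. The function continues outside the hunk.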
@@ -462,6 +486,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
unlock_spawning (&lock, "agent");
xfree (abs_homedir);
+ xfree (program);
}
xfree (sockname);
if (err)
Modified doc/gpg-agent.texi
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 7eadf59..a4079d7 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -293,6 +293,14 @@ When running in server mode, wait @var{n} seconds before entering the
actual processing loop and print the pid. This gives time to attach a
debugger.
+ at item --debug-quick-random
+ at opindex debug-quick-random
+This option inhibits the use the very secure random quality level
+(Libgcrypt’s @code{GCRY_VERY_STRONG_RANDOM}) and degrades all request
+down to standard random quality. It is only used for testing and
+shall not be used for any production quality keys. This option is
+only effective when given on the command line.
+
@item --no-detach
@opindex no-detach
Don't detach the process from the console. This is mainly useful for
Modified doc/gpg.texi
diff --git a/doc/gpg.texi b/doc/gpg.texi
index cddf462..e894f5c 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1710,7 +1710,10 @@ This is dummy option. It has no effect when used with @command{gpg2}.
@item --agent-program @var{file}
@opindex agent-program
Specify an agent program to be used for secret key operations. The
-default value is the @file{/usr/bin/gpg-agent}.
+default value is determined by running @command{gpgconf} with the
+option @option{--list-dirs}. Note that the pipe symbol (@code{|}) is
+used for a regression test suite hack and may thus not be used in the
+file name.
@ifclear gpgtwoone
This is only used
as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
Modified doc/gpgsm.texi
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index bc6326c..34b6024 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -358,7 +358,9 @@ Change the default name of the policy file to @var{filename}.
@item --agent-program @var{file}
@opindex agent-program
Specify an agent program to be used for secret key operations. The
-default value is the @file{/usr/local/bin/gpg-agent}.
+default value is determined by running the command @command{gpgconf}.
+Note that the pipe symbol (@code{|}) is used for a regression test
+suite hack and may thus not be used in the file name.
@ifclear gpgtwoone
This is only used
as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
Modified doc/tools.texi
diff --git a/doc/tools.texi b/doc/tools.texi
index d9ce81e..d556b6d 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -1199,7 +1199,11 @@ Try to be as quiet as possible.
@item --agent-program @var{file}
@opindex agent-program
-Specify the agent program to be started if none is running.
+Specify the agent program to be started if none is running. The
+default value is determined by running @command{gpgconf} with the
+option @option{--list-dirs}. Note that the pipe symbol (@code{|}) is
+used for a regression test suite hack and may thus not be used in the
+file name.
@ifset gpgtwoone
@item --dirmngr-program @var{file}
Modified tests/openpgp/defs.inc
diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc
index b7320d5..941f786 100755
--- a/tests/openpgp/defs.inc
+++ b/tests/openpgp/defs.inc
@@ -244,10 +244,9 @@ for f in gpg.conf gpg-agent.conf ; do
case "$f" in
gpg.conf)
[ -n "${opt_always}" ] && echo "no-auto-check-trustdb" >>"$f"
- echo "agent-program $GPG_AGENT" >>"$f"
+ echo "agent-program ${GPG_AGENT}|--debug-quick-random" >>"$f"
echo "allow-weak-digest-algos" >>"$f"
-
- ;;
+ ;;
gpg-agent.conf)
echo "pinentry-program $PINENTRY" >>"$f"
;;
Modified tests/openpgp/version.test
diff --git a/tests/openpgp/version.test b/tests/openpgp/version.test
index cae8b68..057bcf0 100755
--- a/tests/openpgp/version.test
+++ b/tests/openpgp/version.test
@@ -39,9 +39,12 @@ done
# create a faked random seed file. Note that we need to set the
# agent-program so that gpg-connect-agent is able to start the agent
# we are currently testing and not an already installed one.
+# The "|--debug-quick-random" is a hack to start gpg-agent with
+# that option on the command line.
info "Starting the agent"
$MKTDATA 600 >random_seed
-if $GPG_CONNECT_AGENT -v --agent-program="$GPG_AGENT" /bye; then
+if $GPG_CONNECT_AGENT -v \
+ --agent-program="${GPG_AGENT}|--debug-quick-random" /bye; then
:
else
error "starting the gpg-agent failed"
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.